save your money – just use tails

I suppose it was inevitable that the Snowden revelations would lead to greater interest in privacy and anonymity. I applaud that. I suppose it was also inevitable that there would be a rash of commercial products emerging from both “entrepreneurs” and the more established “security” companies to take advantage of that increased interest. That, I confess, I am less happy with.

El Reg reports that AV firm AVG (purveyor of antivirus and internet security products for most platforms) “reckons the market for products that safeguard online freedoms will be huge.”

El Reg’s report quotes Siobhan MacDermott, chief policy officer at AVG as being “astonished by the reaction to the scandal of the web-snooping NSA PRISM project.” (You have to ask why….)

The report goes on to say that MacDermott “predicted a world in which consumers were obsessed with protecting their own digital communications from prying eyes, as well as making sure their kids aren’t press-ganged into handing over reams of sensitive data to fraudsters and other undesirables.”

It goes on:

“MacDermott has been in discussions with five major banks, including Goldman Sachs, Morgan Stanley and JP Morgan, about how best to tackle this emerging market. She asked them to estimate the size of the burgeoning privacy sector – and they had no idea.”

(Smell the money….)

MacDermott reportedly “asked [the Banks] to size up the privacy market and all five told me that although they knew it was huge, they couldn’t yet give me a proper estimate of its size. They were super-excited though, because there are a lot of new companies popping up in this space.”

(So, lots of money….)

She went on: “My argument is that privacy will soon rival cyber-security in terms of market share. It’s about device control and protecting the online experience. It’s a nascent industry, so we’re still in the awareness phase and initial products phase. It’s going to be a big industry.”

(What, even bigger than the “Cyber Security” bandwagon? Oh boy. Lots and lots of money.)

So expect lots of new advertising for “privacy enhancing products” to protect you from “snoopers”.

Oh look, here’s one.

A company called Ninjastik is selling USB sticks with lubuntu preloaded, and what appears to be the tor browser bundle included. You can buy an 8 Gig stick for $56.95 or a 16 Gig stick for $69.95. And, for a limited time only, you get free shipping. Bargain.

I worry that anyone would go to the trouble of creating what is effectively a paid alternative to the free tails distribution provided by the (very clueful) guys at the torproject. I worry even more when the FAQ on the site says that no bittorrent client is included because:

“torrents use up a huge amount of bandwidth and will overwhelm the TOR network. Because of this, the NinjaStik does not come with a torrent client installed. You could install one yourself, but most exit server operators block torrent traffic anyway.”

There is no mention that the bittorrent protocol leaks IP address information and can destroy your anonymity. This suggests that the builder may be somewhat less clueful than the guys over at the torproject.

I guess I just don’t understand free market capitalism that well either. After all, I fund two tails mirrors out of my own money when apparently I could be flogging USB sticks with the (free) tor browser bundle on for about 50 quid each (given the normal USD to UKP exchange rate for tech products.)

1 comment

    • Peter on 2013/07/19 at 10:24 pm

    The worst bit is that the snake oil vendors are gearing up for Yet Another Massive Pork Fest.

    For a start, Kim Dotcom is starting a VC fund. Yes, sure. As a responsible business I will buy products funded by someone occasionally drifting over that line labelled “you’re now entering illegal territory”. After all, bankers have apparently been getting away with it.

    Then Peter Sunde of Pirate Bay (another upstanding citizen) gets crowdfunding for secure messaging. The problem is, that already exists, is stable, intelligent and works well, and has a much better pedigree as it’s from the same guy that wrote m0n0wall (and yes, I know him personally).

    Next, I read that some US company is making a big play on being “safe”.

    The above all share one and the same issue: they seek to fix with technology what isn’t a technical issue to start with. What is wrong is that US laws have been so backdoored with anti-terror bypasses of due process (and to some extent EU laws) that it has effectively become immaterial what you use. If your company has a US division, any random official can basically wander in and demand all the data you can get hold of or it’s jail time for some for *cough* helping terrorists. If your HQ is in the US you cannot even plausibly isolate that division and there are no decent controls on what happens with that data after it has been acquired either.

    I thus see a lot of tech vendors yet again bamboozle executives at the golf course with big words and tech terms, selling stuff that will not help one iota. But, there is an answer, which is why they had to be blackmailed into breaking privacy laws. Sadly, the idiots in charge at the time didn’t see what the real goal was until it was far too late, but they’re fixing that now..

    Sure, there is money to be made helping companies develop privacy protection strategies – not to blow my own horn here but we developed a complete model for that, but that begins with looking at the legal situation. If your HQ or outsourced provider’s HQ is in the US you have quite a bit of work ahead of you..

    (I hope the weblinks work :) ).